[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [handly-dev] [eclipse.org-committers] Git client vulnerability on Windows, Mac
|
I have updated Handly tools ('.p2f' files) to include EGit 3.4.2.
Please update your JGit & EGit if you are on Windows or Mac OS X.
See https://dev.eclipse.org/mhonarc/lists/egit-dev/msg03717.html
-Vladimir
> From: Denis Roy <denis.roy@xxxxxxxxxxx>
>
> Greetings!
>
> You may be aware of a vulnerability which affects Git clients on Windows
> and Mac:
>
> https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
>
> The article mentions that jGit is affected as well, and that jGit has
> issued a maintenance release, but I'm not sure what happens in
> Eclipse-land since the jGit web page doesn't mention a single thing, and
> I cannot find anything in Bugzilla.
>
> http://eclipse.org/jgit/
>
> I was only able to find this 2-year-old bug related to the issue:
>
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=367248
>
> I believe jGit is bundled in all our Eclipse packages that contain eGit,
> so I will cc the Eclipse Security team. If the jGit team has more
> information, or if I'm ridiculously off-base on this, please feel free
> to add more info.
>
>
>
> While I have your attention, I'd like to wish everyone a festive holiday
> season. Matt and I will be casually monitoring Bugzilla inboxes to make
> sure everything is working smoothly during the holiday shutdown.
>
> Denis
> _______________________________________________
> eclipse.org-committers mailing list
> eclipse.org-committers@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers
>
> IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation. To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.
